|
|
To control the number of login attempts that can be made on a line set up for TACACS verification, use the tacacs-server attempts global configuration command. Use the no form of this command to remove this feature and restore the default.
Refer to the LightStream 1010 ATM Switch User Guide for more information about the tacacs-server attempts global configuration command.
The following example changes the login attempt to just one try.
To enable an extended TACACS mode, use the tacacs-server extended global configuration command. Use the no form of this command to disable the mode.
This command has no arguments or keywords.
Refer to the LightStream 1010 ATM Switch User Guide for more information about the tacacs-server extended global configuration command.
Note This command initializes extended TACACS. To initialize AAA/TACACS+, use the aaa new-model command.
The following example enables extended TACACS mode.
To specify a TACACS host, use the tacacs-server host global configuration command. You can use multiple tacacs-server host commands to specify multiple hosts. The software searches for the hosts in the order you specify them. The no form of this command deletes the specified name or address.
Refer to the LightStream 1010 ATM Switch User Guide for more information about the tacacs-server host global configuration command.
The following example specifies a TACACS host named SCACAT.
aaa authentication ppp
login
slip
To cause the network server to request the privileged password as verification or to force successful login without further input from the user, use the tacacs-server last-resort global configuration command. The no form of this command restores the system to the default behavior.
If, when running the TACACS server, the TACACS server does not respond, the default action is to deny the request.
Use the tacacs-server last-resort command to be sure that login can occur; for example, a systems administrator must log in to troubleshoot TACACS servers that might be down.
Refer to the LightStream 1010 ATM Switch User Guide for more information about the tacacs-server last-resort global configuration command.
The following example forces successful login.
To specify that the first TACACS request to a TACACS server be made without password verification, use the tacacs-server optional-passwords global configuration command. Use the no form of this command to restore the default.
This command has no arguments or keywords.
When the user enters in the login name, the login request is transmitted with the name and a zero-length password. If accepted, the login procedure completes. If the TACACS server refuses this request, the server software prompts for a password and tries again when the user supplies a password. The TACACS server must support authentication for users without passwords to make use of this feature. This feature supports all TACACS requests—login, SLIP, enable, and so on.
Refer to the LightStream 1010 ATM Switch User Guide for more information about the tacacs-server optional-passwords global configuration command.
The following example configures the first login to not require TACACS verification.
To specify the number of times the switch software searches the list of TACACS server hosts before giving up, use the tacacs-server retransmit global configuration command. The switch software tries all servers, allowing each one to timeout before increasing the retransmit count. The no form of this command restores the default.
Refer to the LightStream 1010 ATM Switch User Guide for more information about the tacacs-server retransmit global configuration command.
The following example specifies a retransmit counter value of five times.
To set the interval that the server waits for a server host to reply, use the tacacs-server timeout global configuration command. The no form of this command restores the default.
Refer to the LightStream 1010 ATM Switch User Guide for more information about the tacacs-server timeout global configuration command.
The following example changes the interval timer to 10 seconds.
The following terminal commands are documented under the following parameter names:
| Command | Description |
|---|---|
escape-character-bits |
|
To specify the type of terminal connected to a line, use the terminal-type line configuration command. The command records the type of terminal connected to the line. The no form of this command removes any information about the type of terminal and resets the line to the default terminal emulation.
The argument terminal-name provides a record of the terminal type and allows terminal negotiation of display management by hosts that provide that type of service.
The following example defines the terminal on the console as a type VT220.
terminal terminal-type
To specify that the switch or Flash device operates as a TFTP server, use one of the following tftp-server global configuration commands. To remove a previously defined filename, use the no form of this command with the appropriate filename.
You can specify multiple filenames by repeating the tftp-server command. The system sends a copy of the system image contained in ROM or one of the system images contained in Flash memory to any client that issues a TFTP Read Request with this filename.
If the specified filename1 or filename2 exists in Flash memory, a copy of the Flash image is sent. On systems that contain a complete image in ROM, the system sends the ROM image if the specified filename1 or filename2 is not found in Flash memory.
Images that run from ROM cannot be loaded over the network. Therefore, you should not use TFTP to offer the ROMs on these images.
The system sends a copy of the file contained on one of the Flash memory devices to any client that issues a TFTP Read Request with its filename.
In the following example, the system uses TFTP to send a copy of the version-11.1 file located in Flash memory in response to a TFTP Read Request for that file. The requesting host is checked against access list 22.
In the following example, the system uses TFTP to send a copy of the version-11.1.4 file in response to a TFTP Read Request for that file. The file is located on the Flash memory card inserted in slot 0 of the ASP card.
To configure the PNNI timers, use the timer ATM router PNNI node-level subcommand. To return to the default values, use the no form of this command.
See individual syntax descriptions.
ATM router PNNI configuration.
Decreasing the hello-interval allows PNNI to detect neighbor nodes that have stopped functioning as quickly as other nodes. The inactivity-factor is used as a multiplier of the hello-interval in received hello packets to determine the dead interval, the time after which the neighbor node is declared down if no hello packets are received. The inactivity-factor can be increased on unreliable interfaces to avoid false alarms.
Decreasing the retransmit-interval causes retransmission to increase when a PNNI packet gets lost. However, this increases the risk of unnecessarily retransmitting PNNI packets that are delayed but actually reaches the neighbor. Increasing ack-delay causes more PTSEs to be acknowledged in one ack packet. Lowering hello-holddown allows another hello packet to be sent shortly after one was sent. To avoid an overload in switch processing, you should adjust these parameters carefully.
For more information, refer to the LightStream 1010 ATM Switch Software Configuration Guide.
The following script shows how to change the hello-interval to 5 seconds.
Note This command or some of its parameters might not function as expected in the LightStream 1010 ATM switch environment.
Use the traceroute privileged EXEC command to discover the routes the switch's packets actually take when traveling to their destination.
The protocol argument is based on the switch's examination of the format of destination. For example, if the switch finds a destination argument in IP format, the protocol value defaults to ip.
The traceroute command works by taking advantage of the error messages generated by switches when a datagram exceeds its time-to-live (TTL) value.
The traceroute command starts by sending probe datagrams with a TTL value of 1. This causes the first switch to discard the probe datagram and send back an error message. The traceroute command sends several probes at each TTL level and displays the round-trip time for each.
The traceroute command sends out one probe at a time. Each outgoing packet may result in one or two error messages. A "time exceeded" error message indicates that an intermediate switch detected and discarded the probe. A "destination unreachable" error message indicates that the destination node received and discarded the probe because it could not deliver the packet. If the timer goes off before a response comes in, traceroute prints an asterisk (*).
The traceroute command terminates when the destination responds, when the maximum TTL is exceeded, or when the user interrupts the trace with the escape sequence. By default, to invoke the escape sequence, type Ctrl ^ X—by simultaneously pressing and releasing the Ctrl, Shift, and 6 keys, and then pressing the X key.
To use nondefault parameters and invoke an extended traceroute test, enter the command without a destination argument. You are stepped through a dialog to select the desired parameters.
Due to bugs in the IP implementation of various hosts and switches, the IP traceroute command may behave in uncommon ways.
Not all destinations respond correctly to a probe message by sending back an "ICMP port unreachable" message. A long sequence of TTL levels with only asterisks, terminating only when the maximum TTL is reached, may indicate this problem.
There is a known problem with the way some hosts handle an "ICMP TTL exceeded" message. Some hosts generate an "ICMP" message, but they reuse the TTL of the incoming packet. Since this is zero, the ICMP packets do not return. When you trace the path to such a host, you may see a set of TTL values with asterisks (*). Eventually the TTL gets high enough that the ICMP message can get back. For example, if the host is six hops away, traceroute times out on responses 6 through 11.
The following display shows sample IP traceroute output when a destination host name is specified.
Table 17-1 describes the fields shown in the display.
Table 17-1 Trace Field Descriptions
| Field | Description |
|---|---|
Indicates the sequence number of the switch in the path to the host. |
|
The following display shows a sample trace session involving the extended dialog of the trace command.
Table 17-2 describes the fields that are unique to the extended trace sequence, as shown in the display.
Table 17-2 Trace Field Descriptions
Table 17-3 describes the characters that can appear in trace output.
Table 17-3 IP Trace Text Characters
| Char | Description |
|---|---|
For each node, the round-trip time in milliseconds for the specified number of probes. |
|
Use the traceroute EXEC command to discover the IP routes the switch's packets actually take when traveling to their destination.
The protocol argument is based on the switch's examination of the format of the destination argument. For example, if the switch finds a destination in IP format, the protocol defaults to ip.
The traceroute command works by taking advantage of the error messages generated by switches when a datagram exceeds its time-to-live (TTL) value.
The traceroute command starts by sending probe datagrams with a TTL value of 1. This causes the first switch to discard the probe datagram and send back an error message. The traceroute command sends several probes at each TTL level and displays the round-trip time for each.
The traceroute command sends out one probe at a time. Each outgoing packet may result in one or two error messages. A "time exceeded" error message indicates that an intermediate switch detected and discarded the probe. A "destination unreachable" error message indicates that the destination node received and discarded the probe because it could not deliver the packet. If the timer goes off before a response comes in, traceroute prints an asterisk (*).
The traceroute command terminates when the destination responds, when the maximum TTL is exceeded, or when the user interrupts the trace with the escape sequence. By default, to invoke the escape sequence, enter ^ X.
Due to bugs in the IP implementation of various hosts and switches, the IP trace command may behave in unexpected ways.
Not all destinations respond correctly to a probe message by sending back an "ICMP port unreachable" message. A long sequence of TTL levels with only asterisks, terminating only when the maximum TTL is reached, may indicate this problem.
There is a known problem with the way some hosts handle an "ICMP TTL exceeded" message. Some hosts generate an ICMP message, but they reuse the TTL of the incoming packet. Since this is zero, the ICMP packets do not make it back. When you trace the path to such a host, you may see a set of TTL values with asterisks (*). Eventually the TTL gets high enough that the "ICMP" message can get back. For example, if the host is six hops away, traceroute times out on responses 6 through 11.
The following display shows sample IP traceroute output when a destination host name is specified.
Table 17-4 describes the fields shown in the display.
Table 17-4 Trace Field Descriptions
| Field | Description |
|---|---|
Indicates the sequence number of the switch in the path to the host. |
|
Table 17-5 describes the characters that can appear in traceroute output.
Table 17-5 IP Trace Text Characters
| Char | Description |
|---|---|
For each node, the round-trip time in milliseconds for the specified number of probes. |
|
To indicate to the network that this node does not allow calls to transit through it, use the transit-restricted node-level subcommand. To allow calls to transit through the node, use the no form of this command.
This command has no keywords or arguments.
ATM router PNNI configuration.
This command enables the network administrator to prevent connections from transiting nodes that only originate or terminate connections, for example, low-end edge switches that do not have the capacity to support transit calls.
For more information, refer to the LightStream 1010 ATM Switch Software Configuration Guide.
The following script shows how to access the transit-restricted node-level subcommand.
Note This command or its parameters might not function as expected in the LightStream 1010 ATM switch environment.
To assign a transmit interface to a receive-only interface, use the transmit-interface interface configuration command. To return to normal duplex Ethernet interfaces, use the no form of this command.
Receive-only interfaces are used commonly with microwave Ethernet interfaces.
The following example specifies Ethernet interface 2/0/0 as a simplex Ethernet interface.
To specify the transport protocol the switch uses if the user does not specify a transport protocol when initiating a connection, use the transport preferred line configuration command.
Specify transport preferred none to prevent errant connection attempts.
The following example sets the preferred protocol to Telnet on virtual terminal line 1.
terminal transport preferred
transport preferred
To set the terminal transmit baud rate (to terminal), use the txspeed line configuration command. Use the no form of this command to disable this feature.
Set the speed to match the baud rate of whatever device you have connected to the port. Some baud rates available on devices connected to the port might not be supported on the switch. The switch indicates if the speed you select is not supported. The following is a list of line speeds, in bits per second, that are available.
75, 110, 134, 150, 300, 600, 1200, 2000, 2400, 4800, 1800, 9600, 19200, 38400
The following example sets the auxiliary line transmit speed to 2400 bps.
Note This command or its parameters may not function as expected in the LightStream 1010 ATM switch environment.
To control the number of transmit buffers available to a specified interface on the MCI and SCI cards, use the tx-queue-limit interface configuration command.
Defaults depend on the total transmit buffer pool size and the traffic patterns of all the interfaces on the card. Defaults and specified limits are displayed with the show controllers mci EXEC command.
This command should be used only under the guidance of a technical support representative.
The following example sets the maximum number of transmit buffers on the interface to 5.
Posted: Thu Jan 23 21:00:05 PST 2003
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.